For Example, Both Backdoors Use Same ‘Sleeping’ Algorithm
The “Sunburst” backdoor deployed in the breach of SolarWinds’ Orion network monitoring tool uses some of the same code found in the “Kazuar” backdoor, which security researchers have previously tied to Russian hackers, the security firm Kaspersky reports.
Hackers Gained Network Access Through Accellion File-Sharing Service
The Reserve Bank of New Zealand disclosed Sunday that hackers infiltrated its network after compromising its file-sharing system from Accellion. The nation’s central bank says the attack may have exposed commercial and consumer information, and other Accellion customers also had systems compromised.
Terabytes of Videos, Images and Posts From Conservative Social Media Site Saved
Terabytes’ worth of posts, images and videos from conservative social media site Parler have been forcibly obtained by security researchers, who have archived the material for investigators in the wake of the violent riot at the U.S. Capitol.
Consumer data privacy is no longer a necessary evil but a competitive differentiator for any company participating in the global economy. The EU’s GDPR represents the world’s most comprehensive regulation for privacy best practices, holding companies to stringent standards for data collection, storage and use. Many countries have followed suit in recent years by adopting similarly aggressive privacy laws that reflect a greater dedication to data protection. In stark contrast, the …
The vast majority of attackers are opportunist criminals looking for easy targets to maximize their profits. If defenses are sufficiently fortified, finding a way through will be so difficult and time-consuming that all but the most elite nation-state level threat actors will give up and go in search of easier prey. Penetration testing is one of the most effective methods for achieving this level of security. A team of ethical hackers can discover and close …
The post Addressing the lack of knowledge around pen testing appeared first on Help Net Security.
As COVID-19 spread over the world and nations and businesses adapted to minimize citizens’ and employees’ personal interactions to help contain the infection, a greater than ever number of people stayed at and worked from home. As expected, this necessary adaptation did not go unnoticed by cyber criminals. “We just recently launched the first Xfinity Cyber Health Report which combines data from a new consumer survey with actual threat data collected by our artificial-intelligence-powered xFi …
The post Securing the connected home: A joint task for homeowners and their ISP appeared first on Help Net Security.
With the growing threat of fraud fueled by the digital acceleration that took place in 2020, Experian revealed five emerging fraud threats facing businesses in 2021. The rapid increase in digital use created a perfect storm for fraudsters to quickly find new ways to steal funds, capitalizing on consumers’ lack of familiarity with digital platforms and the resource constraints faced by many businesses. In fact, from January 2020 to early January 2021, the Federal Trade …
The post Five emerging fraud threats facing businesses in 2021 appeared first on Help Net Security.
Videoconferencing has become a routine part of everyday life for remote workers, students, and families. Yet widespread adoption of this technology has also attracted nefarious characters whose motivations can range from simple disruption to full-out espionage. It’s important to understand these threats and how secure configuration of videoconferencing systems can improve the overall security of an organization and individual everyday users. Making sure your videoconferencing technology is set up securely can help …
The post Top videoconferencing attacks and security best practices appeared first on Help Net Security.
TP-Link’s latest networking offerings provide an easy to manage and secure home networking experience
TP-Link introduced its latest networking offerings. The award-winning Deco now comes with voice built-in, while the Deco Mesh WiFi 6E and Archer router take your WiFi to new levels. TP-Link’s 10G router and switch ensure the best connections possible, and the 5G WiFi gateway Deco X80 and the HomeShield premium security service provide a blazing fast, easy to manage, and ultra-secure home networking experience for consumers and businesses. Deco WiFi 6 Mesh with voice …
The newest Intel Core vPro mobile platform gives PC hardware a direct role in detecting ransomware attacks.
Cloud provider hosting “certain” IT systems attacked, company says.
Ubiquiti, a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. The company says an incident at a third-party cloud provider may have exposed customer account information and credentials used to remotely manage Ubiquiti gear.
In an email sent to customers today, Ubiquiti Inc. [NYSE: UI] said it recently became aware of “unauthorized access to certain of our information technology systems hosted by a third party cloud provider,” although it declined to name that provider.
The statement continues:
“We are not currently aware of evidence of access to any databases that host user data, but we cannot be certain that user data has not been exposed. This data may include your name, email address, and the one-way encrypted password to your account (in technical terms, the passwords are hashed and salted). The data may also include your address and phone number if you have provided that to us.”
Ubiquiti has not yet responded to requests for more information, but the notice was confirmed as official in a post on the company’s user support forum.
The warning from Ubiquiti carries particular significance because the company has made it fairly difficult for customers using the latest Ubiquiti firmware to interact with their devices without first authenticating through the company’s cloud-based systems.
This has become a sticking point for many Ubiquiti customers, as evidenced by numerous threads on the topic in the company’s user support forums over the past few months.
“While I and others do appreciate the convenience and option of using hosted accounts, this incident clearly highlights the problem with relying on your infrastructure for authenticating access to our devices,” wrote one Ubiquiti customer today whose sentiment was immediately echoed by other users. “A lot of us cannot take your process for granted and need to keep our devices offline during setup and make direct connections by IP/Hostname using our Mobile Apps.”
To manage your security settings on a Ubiquiti device, visit https://account.ui.com and log in. Click on ‘Security’ from the left-hand menu.
1. Change your password
2. Set a session timeout value
3. Enable 2FA
According to Ubiquiti’s investment literature, the company has shipped more than 85 million devices that play a key role in networking infrastructure in over 200 countries and territories worldwide.
This is a developing story that may be updated throughout the day.
The SolarWinds supply chain compromise won’t be the last of its kind. Vendors and enterprises alike must learn and refine their detection efforts to find the next such attack.
How two traditionally disparate security disciplines can be united.
The AEVT decompiler helped researchers analyze a cryptominer campaign that used AppleScript for obfuscation and will help reverse engineers focused on other Mac OS malware.
Organizations that focus on optimizing their tools, cutting down on tool sprawl, and taking a strategic approach to transitioning to the cloud are poised for success.
Archiving, Crowdsourcing and Facial Recognition Help Identify Suspects for FBI
Investigators probing the violent storming of the U.S. Capitol by a mob on Wednesday have been seeking images and help in identifying suspects. The FBI, which is leading the investigation, has a range of investigative tools and technologies to help, including facial recognition software.
SolarWinds takes a leaf out of Zoom’s book, hires A-Team of Stamos and Krebs to sort out its security woes
The week’s other security news
Embattled and embarrassed network management shop SolarWinds has reportedly hired two of the highest profile security bods in the biz to sort out its woes.…
- User phone numbers
- Other people’s phone numbers stored in address books
- Profile names
- Profile pictures
- Status message including when a user was last online
- Diagnostic data collected from app logs
Under the new terms, Facebook reserves the right to share collected data with its family of companies.
Facial recog biz denies its software identified ‘antifa members’ among mob that stormed Capitol Hill
Plus: US ban on selling AI code to China renewed for 2021, and Jim Keller hired by Canadian AI chip startup
In brief: The facial recognition company said to have identified antifa members among rioters who ransacked Capitol Hill last week denied that its technology had ever done such a thing.…
I recently watched my team composing some music for a cybersecurity awareness project and using it to take an immersive Dark Web Mission Control Centre to a whole new level. It got me thinking about what we – i.e., the cybersecurity industry – can learn from music. Music is a massive part of popular culture and is universally loved across the globe. Conversely, cybersecurity is inapproachable and abstract to most people and is often seen …
The post Strike a chord: What cybersecurity can learn from music appeared first on Help Net Security.